> -----Original Message----- > From: Ken Anderson [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 31, 2002 5:07 PM > To: Tomcat Users List > Subject: Re: securing tomcat... > > > Just put this in your web.xml for root webapp or others... > > <error-page> > <error-code>404</error-code> > <location>/404error.html</location> > </error-page> > > and create 404error.html to say whatever you like.
It would still be visible in the HTTP headers, which is only ten seconds additional work to determine for the casual hacker, and visible from any page. It's possible to change/remove the server string by editing the sources, of course. You could also front-end Tomcat with HTTPD, which I believe has a config element for changing the server string. The server string is a non-essential part of client-server operation for well-behaved servers so removing it won't make a difference, although it doesn't do great things for the statistics that are generated for Apache :-/ -b -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
